
Re: GPG Key Signing (Was: Advocate/Sponsor)



>>"Samuel" == Samuel Tardieu <sam@debian.org> writes:

 Samuel> It has an enormous flaw: you do not sign a key, you sign an
 Samuel> id. That means that checking for one e-mail address for being
 Samuel> valid and signing all the ids is just bogus. You may use this
 Samuel> protocol, but you have to repeat each for  every email
 Samuel> address you are going to sign. 

	Actually, the real flaw seems to be that my email assumed that
 the protocol was going to be used by people who had a modicum of
 inductive reasoning.  The outline mentions just one ID in the key
 being verified and signed, and I assumed that anyone this concerned
 about security would realize that the same needed to be done for every
 ID one needed to verify.  Quite obviously I was mistaken in my
 assumption.

	John, could you please add the iteration over email ID's to
 the protocol? 
======================================================================
To Have Your Key Signed
 
4 ...

 You may receive separate emails for each email ID in your key

To Sign Another Key

put 6, 7, and 8 in a loop:
For each address on the key; do:
  6 ...
  7 ...
  8 ...
done

Double Key-Signing
 Same as above, except 6,7,8, and 9 should be in the loop. 

10. You may wish to independently send email to each email ID on the
    other person's key before signing that identity.
======================================================================

	manoj
-- 
 The sight of death frightens them [Earthers]. Kras the Klingon,
 "Friday's Child", stardate 3497.2
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
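
The per-ID iteration discussed in this message, as an added sketch that is not part of the original email or of the protocol it amends: it walks every user ID on a key and marks for signing only those whose own address was verified. The key listing is constructed, `plan_signatures` and the `verified` set are hypothetical names, and how an address gets verified (the elided steps 6 to 8) is outside the code.

```python
import re

# Constructed sample in the format of `gpg --with-colons --list-keys`
# (not a real key). Field 2 is validity, field 10 the user ID string.
SAMPLE = """\
pub:-:1024:17:0123456789ABCDEF:946684800:::-:::scESC:
uid:-::::946684800::AAAA::Alice Example <alice@example.org>:
uid:-::::946684800::BBBB::Alice Example (work\\x3a lab) <alice@work.example>:
uid:r::::946684800::CCCC::Alice Example <old@example.net>:
uid:-::::946684800::DDDD::Alice Example:
sub:-:1024:16:FEDCBA9876543210:946684800::::::e:
"""

def unescape(field):
    # Colon listings escape special bytes as \xNN; a literal ':' arrives as \x3a.
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)

def plan_signatures(listing, verified):
    """Return (sign, skip): user IDs safe to certify, and the rest with a reason.

    `verified` holds only the addresses that were individually checked;
    one checked address never vouches for the other IDs on the same key.
    """
    verified = {a.lower() for a in verified}
    sign, skip = [], []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "uid" or len(fields) < 10:
            continue
        uid = unescape(fields[9])
        m = re.search(r"<([^<>\s@]+@[^<>\s@]+)>\s*$", uid)
        if fields[1] in ("r", "e"):
            skip.append((uid, "revoked or expired"))
        elif m is None:
            skip.append((uid, "no email address to verify"))
        elif m.group(1).lower() not in verified:
            skip.append((uid, "address not verified"))
        else:
            sign.append(uid)
    return sign, skip

if __name__ == "__main__":
    sign, skip = plan_signatures(SAMPLE, {"alice@example.org"})
    for uid in sign:
        print("sign:", uid)
    for uid, why in skip:
        print("skip:", uid, "-", why)
```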


